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(54) Distributed networtc based electronic wallet 

(57) A system, in which information is the primary 
asset and in which investments may be made in infor- 
mation, includes multiple data stores for storing different 
types of a user's information. The safe, secure and 
properly authorized transfer of information white pre- 
serving individual privacy is provided. The system also 
provides for secure backup and storage, as well as for 
ubiquitous and nomadic access to information while 
maintaining the privacy of such information. A first data 
store includes static identification data about a user. A 



second data store includes moderately dynamic per- 
sonal data atx>ut the user. A third data store includes 
dynamic demographk; Information data about the user. 
An electronic wallet can be used with the system to 
download selected portions of the data for use by the 
user. A method of use of the data includes using the 
data for billing out forms, providing servfoes to the user 
and allowing merchants to selectively target users for 
sales while maintaining user anonymity. 
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Description 

CROSS REFERENCE TO RELATED APPLtCATiONS 

[0001 ] This application is related to Provisional Patent s 
Application No. 60/065^1 entitled "Distributed Net- 
work Based Electronic Wallet." filed on Novennber 12, 
1 997, to which priority is claimed. 

FIELD OF INVENTION io 

[0002] This invention relates to information storage 
and retrieval systems, and more particularly, to an elec- 
tronic system for storage and authorized distribution of 
personal information. is 

BACKGROUND OF INVENTION 

[0003] In today's information-based economy. Infor- 
mation is recognized by may corporations as a primary 
asset which, much like cun'ency, fully realizes its value 
only with frequent use. Infornrtatlon is a important asset 
not only tor corporations, but also tor individuals who 
often need to repetitively provide certain personal facts 
to merchants and service providers with whom they do 
business. 

[0004] Collections of personal information, in the form 
of demographics, are invaluable to companies wishing 
to conduct targeted marketing campaigns. Examples of 
information collections include insurance policies, legal 
documents, medical records, and financial and credit 
histories. This information represents a valuable com- 
nrxxllty which may corporations are willing to purchase. 
[0005] In fact, may companies are known to massage 
their consumer accounts to aeate mailing lists which 
can be sold. Likewise, nrost consumers know this hap- 
pens, and are not surprised to receive a barrage of cat- 
alogs from previously unknown verKlors after placing a 
mail order for goods. Many consumers are annoyed by 
this practice and some may even avoid the offending 
vendor in the future in order to prevent further abuse of 
their personal information. However, most of these con- 
sumer concerns could be eliminated, or at least 
reduced, if this data were first saubbed or sanitized to 
renxsve all references to the particular individual before 
being made available as marketing data. 
[0006] Privacy is a growing concern in the internet and 
electronic commerce arena because each time you 
enter a site, your browser already tells the server a lot 
about you, such as which browser you're using and your 
IP address. This makes it easy for data miners to track 
site visits and strip information from unsecured data 
transmissions. In response, the Internet business com- 
munity is promoting Open Profiling Standards (OPS) 
which altow individuals to save personal information on 
a hard drive on their PC and only allow others to access 
portions of this information after the individual grants 
permission. 



[0007] There is also concern over the use of cookies, 
or tokens that are attached to a user program and 
change depending on the web site areas entered. When 
you enter a web site using cookies, you may be asked to 
fill out a torm providing information such as your name 
and interests. This information Is packaged into a 
cookie and sent to your w^ browser which stores it for 
later use. The next time you go to the same web site, 
your browser will send the cookie to the web server. The 
server can use this information to present you with cus- 
tom web pages. Cookies are typically designed to be 
persistent and remain in the browser for long periods of 
time, and can be used to unknowingly disclose the 
address of tiie site you most recently visited, or move- 
ments within a site. 

[0008] Consumers also increasingly want to system- 
atically organize and secure personal information but 
are generally limited in their ability to do so by the avail- 
ability of commerdai software programs. For example, 
certain financial planning ad management software 
packages provide a facility for storage of personal infor- 
mation on the consumer's PC. This practice can be vex- 
ing if tiie PC subsequently experiences an anomalous 
operation or a system malfunction. There is tiien a need 
for a system which would allow personal information to 
be professionally backed-up, tiius protecting against 
mishap, natural disaster, negligence, or even PC theft. 
[0009] Consumers also want the ability to control and 
define access to their information, using presentiy avail- 
able technology to securely and privately store, sort 
and/or exchange information. There is then a need for a 
tiiird party who woukJ provide these types of services 
with a primary aim of preserving its consumers' per- 
sonal privacy. 

SUMMARY OF THE INVENTION 

[001 0] In one aspect the invention provides a system 
for the selective organization, access to and use of per- 
sonal data. The system may inctude a server having 
data storage capability for storing different types of per- 
sonal data in distinct data stores, i.e., an "information 
bank", such that tiie infonmation may be eff identiy used 
by the consumer and by institutions which tiie consumer 
has authorized to access tiie data. A first data store may 
include what is known as static identification data which 
Is personal to a user such as a consumer and which is 
typically necessary for establishing a relationship 
between the consumer arti an institutfon. Such a con- 
sumer will have a means to access the static identifica- 
tion data, such as a personal computer, network 
computer, smart tel^hone or otiier communication 
device through the Internet or otiier networic connection 
or wireless connection. A second data store may 
Include what is known as moderately dynamfo personal 
data about a user or may users, again a consumer or 
consumers. This would typically include a large volume 
of data which may be difficult to manage and which is 
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stored primarily for the convenience of the consunner. A 
third data store may include dynamic demographic 
information data about the users or consumers. This 
data may be mined from the data stores mentioned 
above, or may be the result of information provided by 
the consumer, for example, in response to surveys. Typ- 
ically, this information is valuable to rinany research and 
marketing institutions which may directly or indirectly 
compensate the consumer for access to the informa- 
tion. 

[0011] For purposes of the disclosure herein, by the 
term "static identification data" is intended to mean a 
relatively small amount of data which is relatively static 
and which is typically necessary for establishing a rela- 
tionship between the consumer and an institution. This 
type of data ^ stored for a indefinite period of time, typ- 
ically at no cost to the customer. Examples of this type 
of data include name, address, phone number, social 
security number and other commonly asked for informa- 
tion on forms, applrcations, etc. This type of data can be 
used in services provided by an institution such as a 
bank as a free account to permit acttvities such as auto- 
mated form filling, safe shopping and general electronic 
commerce. Such a account file can generally be 
refen-ed to as a "courtesy account." 
[001 2] With respect to "moderately dynamic personal 
data", this is intended to mean a large aniount of data, 
which is dynamic and which is stored over long periods 
of time. Such types of data includes, for exanple, billing 
history, payment history, loans, real estate hoMings, 
stocK bond, fund holdings, medical records, home web 
pages and the like. This type of data can be used in 
services provided by an institution such as a t>ank on a 
charge for servtoe basis, and may be used in the 
account for bill presentment/payment, relationship man- 
agement, tax proration, divergency information (med- 
ical records) focal point, and the like. Such an account 
and file can generally be refen^ed to as a "service 
account." 

[001 3] As to "dynamic demographic information data", 
it is characterized by being denfK>graphic data including, 
user interests, user profiles and user agaits. Examples 
include age, geographic location, race, religion, profes- 
sional interests, hobby interests, frequent purchase cat- 
egories, explicit requests for infbrmatk>n, explicit 
requests for blocking categories of information. Custom- 
ers who allow use and transmission of this data to oth- 
ers such as merchants couU be paid a portion of 
receipts of selling that data received by an institution 
such as k>ank. The data can be provided to market 
research organizations, electronic census providers, 
organizations which provide profile special offers and 
the like. Such an account and file can generally be 
referred to as a "value generation account." 
[0014] More specifically, a consumer's financial insti- 
tution, by the nature of the transactions in which it 
engages, already has in its possession large amounts 
of confidential and disck>sure-sehsitive information. As 



may be appreciated from the prior description, exam- 
ples of this type of information include credit card pur- 
chases, income data, bank card transactions, loan 
application/servicing, etc. Thus, it is optimal for the 

5 financial institution to maintain principal possession, 
maintenance and storage of the types of information 
described previously for consumer authorized use and 
distribution, while simultaneously achieving, without the 
introduction of yet another party, the securing of the 

10 consumer's personal information in an "information 
bank." 

[0015] In accordance with the invention, the con- 
sumer's information may be made available through the 
financial institution's computer network server, thereby 

75 allowing convenient "universal" access to the con- 
sumer's personal infornration, i.e.. "static identification 
data". Thus; access to the consumer's information is 
only limited by access to standardized devices on com- 
puter networks, such as personal computers, i.e., PC's. 

20 network computers. PDAs, smart telephones and other 
communications devices which are connected to the 
financial institution through the Internet or other network 
connection. More inrportantly, the present invention 
eliminates the need for consumers to have direct 

25 access to the consumer's own PC, while at the ssam 
time providing required security and access authoriza- 
tion controls. 

[0016] As noted previously, there is also a need to 
organize and utilize a much broader range of informa- 

30 tk>n, including personal information. This type of infor- 
mation further includes data that is commonly 
associated with an individual, i.e.. the "nrxxJerately 
dynamic personal infbrmatton", and can be accessed by 
specif k: types of organizations or entities such as doc- 

35 tors, tax preparers, etc. EssentieUly. this information is 
automatically transferred, upon consumer authoriza- 
tion, to another party in a format that can be used. 
[0017] Finally, it is also desirable to organize demo- 
graphic information, i.e.. "dynamic demography infor- 

40 mation data", from consumers into collections of data 
for evaluation and use by other institutions and indivKlu- 
als. May of these institutions and individuals, which 
include merchants and others engaged in commerce 
and institutions engaged in research, are willing to pay 

45 for access to such information. However, due to privacy 
concerns it is desirable to make demographic informa- 
tion available without disclosing sensitive infbrmatton 
about indlvkiual consumers, such as actual name, phys- 
ical address, e-mail address, telephone number, etc. to 

50 a institution. Therefore an inquiring institution, for exam- 
ple a merchant, can come to the institution storing the 
consumer's data, such as a consumer's financial institu- 
tion, and request an information-based (e.g., electronic) 
profile of the kind of consumer to which its products and 

55 services woukJ k>e suited. Such a profile would typwally 
include the number of consumers within the database 
that met certain criteria. The merchant could then 
request that the financial instttutbn deliver information 
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or advertisements of its products or services to irxiivid- 
uals which meet certain criteria. The financial institution 
would then deliver the information or advertisement to 
individual consumers thus preventing direct contact 
between the merchant and the individual. After the con- 
sumer has the opportunity to anonymously review such 
information, the cortsumer at its own discretion may 
choose to contact the merchant 
[0018] A portion of the fee charged by the consumer's 
financial institution for the request and receipt of the 
consumer information may be used to pay the con- 
sumer as an inducement to partidpate in the transac- 
tion. Accordingly, the consumer Is investing information 
for financial and/or non-f Inandal gain. One example of 
non-financial gain might be the receipt of loyalty credits, 
as in the case of airline mileage points. Therefore, the 
consumer is remunerated by the financial institution 
depending on what the business strategy requires. 
[0019] The system of the information bank can thus 
provide, in specific aspects, three types of accounts: a 
courtesy account a service account, and a value gener- 
ation account. Basic information can be stored in the 
information bank courtesy account and used for auto- 
mated "form filling" services which are useful to the con- 
sumer as an easy means for providing personal 
information to others when and as authorized. This 
service may also include a digital signing service, a dig- 
ital signature verification service, and, for example, 
notary services. 

[0020] The information bank system's service account 
is appropriate for larger amounts of consumer gener- 
ated data which grows steadily over time. The service 
will provide for secure backup and storage, as well as 
for "ubiquitous" and "nomadic" access. Servk;e 
accounts may hold transaction logs, account histories, 
medical records, insurance information, financial 
records, etc. 

[0021 ] As personal computing devices become more 
accessible and "connected" through the Internet and 
other home networks, the requirement for home data 
storage devices may decrease. Since "standard" con- 
sumer software applications such as e-mail and home 
accounting packages have become readily available 
across distributed commercial networks, there is now a 
corresponding need for network based Information stor- 
age and safekeeping such as is provided in accordance 
with the invention. One advantage of using networked 
information storage is that consunr^rs will have access 
from many locations, and will not have to can-y the infor- 
mation with them when they trav^. as do pecple today. 
The consumer's information can be made securely ard 
privately available, for example, through "set top boxes" 
i.e.. cable system boxes used on television, and having 
advanced architecture such as RISC based technology, 
in hotel rooms or on terminals in emergency hospitals 
upon authorized demand via smart cards or other simi- 
tar devices. 

[0022] The service account will also provkJe software 



and data t)ackup/archival servk;es for small office/ home 
offk;e (SOHO) proprietors who prefer not to own stand- 
ard office software applk^ations, and who wish to know 
that their business records and data are securely and 

5 professionally managed. 

[0023] Another feature of theservice account Is to pro- 
vide third party access to othenMse confidential infor- 
mation In the event of accident, emergency, or death. 
For example, an unconscious accident victim cani pro- 

10 vide PIN or biometric access to urgently required medi- 
cal informatbn. Under these or other appropriate 
circumstances, the service makes stored medical infor- 
mation such as patient allergies, medications, medical 
history, etc.. available to authorized recipients. This fea- 

15 ture also allows estate executors to access informettion 
that is required to handle estate matters, for exanple, 
private keys. 

[0024] Storing data in a self describing meta lan- 
guage, such as XML format, facilitates transfer and use 

20 of data by third parties. With proper account owner 
access authorization, the service facilitates access arKi 
understanding of stored personal infornrtation, whk:h 
should reduce the dollar and time cost of services pro- 
vided by third party professional service providers, such 

2S as accountants or physicians. 

[0025] The service account may also include a ayp- 
tographic key esaow and recovery service which pro- 
vkies key escrow and recovery sendee by storing a key 
pair and certificate copy after these are generated by a 

30 browser, or by generating a key pair and certif kate and 
storing a copy The service then provides a replacement 
copy of the key pair and certificate in response to an 
authorized consumer request 
[0026] The present Invention will enable the establish- 

35 ment of a trusted third party service to market demo- 
graphic and other valuable marketing type Information 
to manufacturers, distributors, and other marketing con- 
cerns, while protecting an indivklual's identity. Fuzzy 
logk; matching is used to match merchant and con- 

40 sumer, on an anonymous basis so that neither knows 
the kf entity of the other, and allow consumers to search, 
shop, and negotiate anonymously, with only Items that 
match their interests being brought to their attention by 
the service. 

45 [0027] The system information bank may also serve 
as clearing house and mint for value exchange units 
created for use as coupons, tickets, tokens and other 
loyalty schemes. All of units will go through essentially 
the same creating, capture, redemption, and automated 

50 clearing functions. The information bank can provide 
senses related to the creation and maintenance of loy- 
alty programs. These coupons, tokens, etc. can be 
stored in the information bank and temporarily distrib- 
uted to or tracked by. for example, an electronk: wallet. 

55 1=br purposes of this disclosure an "electronic wallet" is 
a virtual container for the various information and finan- 
cial application a user might want to be mobile. The 
information is generic in nature, and the \valler can be 
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made to hold a heterogeneous coll^on of applications 
that are not necessarily affiliated, or even offered by the 
issuer of the wallet. The applications can be added "ad 
hoc'' after issuance of the wallet. Although not required, 
one example of an inplementation of the %valtet" is 5 
through the use of "snrtart card" technology of the type 
well known to those of ordinary skill In the art. 
[0028] The system of the information t>ank also pro- 
vides the ability for consumers to specify certain inpor- 
tant events of which they wish to be reminded or 10 
notified. The consumer can also define a notification 
hierarchy or priority, e.g. cell phone, work nunt)er, e- 
mail, home number, etc. and the tenacity built into the 
system for notification for each event. 
[0029] The "information bank" also includes the ability is 
to provide an anonymous shopping service which 
allows the shopper to span multiple merchant sites and 
shopping services. The Information bank Intermediates 
the consumer shopping by assigning the consumer a 
different alias for each site In order to make aoss corre- 20 
lation by data scavengers more difficult. Orders to pop- 
ular merchants are consolidated and paid in a lump 
sum. Consumers are billed internally by the information 
bank, so no consumer payment identification informa- 
tion crosses the Internet or Is nr^e available to mer- 25 
chants. Consumers may have goods shipped to a drop 
address from which a third party re-ships the goods to 
the consumer so that the merchant never knows the 
identity of the consumer, and the re^hipper does not 
know shipment contents. 30 
[0030] The service also provkles Internet and point of 
sale identity protection. By substituting the consumer 
account name with a random number every time the 
user's information is s^ over the network, the informa- 
tion bank keeps track of the aliases it generates and 35 
internally routes responses to appropriate parties while 
preserving anonymity. 

BRIgF DEgC RIPTIQN QF THE DRAWINQg 

40 

[0031] Having bri^ly described the invention, it will 
become better understood from the following detailed 
discussion, viewed with reference to the attached draw- 
ings, wherein: 

45 

FIG. 1 presents a general overview of an embodi- 
ment of the present invention; 
FIG. 2 presents a general overview of a use of a 
first specific data store as implemented in the sys- 
tem: so 
FIG. 3 presents a general overview of a use of a 
second specific data store as implemented in the 
system; 

FIG. 4 presents another general overview of a use 
of a second specific data store as implemented in ss 
the system; 

FIG. 5 presents a general overview of how a con- 
sumer inputs information or data into the second 



specif k; data store of FKaS. 3 or 4; 
FIGS. 6 and 7 present a general overview of alter- 
native ways of how consumers may access the sec- 
ond specific data store, i.e. , the service account, in 
the system; 

FIG. 8 is a detailed overview of the use of a third 
specific data store as implemented in the system, in 
combination with the use of the first and second 
specif k; data stores; 

FIG. 9 is an alternate overview of the use of a third 
specific data store as implemented in the system; 
FIG. 10 is an overview of how certain events trigger 
notification to consumers using the system; 
FIG. 11 shows how the system may be imple- 
mented to provkle consumer information to mer- 
chants on an anonymous basis; 
FIG 12 is a table showing the different types of data 
in the different accounts of the system; 
FIG. 13 is an architectural overview of an electronic 
wallet to be used in the system; and 
FIG. 14 illustrates a wallet and application access 
scheme. 

DETAILED DESCRIPTION 

[0032] The information banking system whk)h 
includes a distributed network based dectronic wallet 
provides a means for consumers to internee with both 
the information bank and third-party providers of goods, 
services or information who are refen-ed to herein as 
merchants. In Figure 1, the consumer 25 is shown 
either interfacing with an information bank 23 and vari- 
ous merchants or service providers 27. This can be 
done by the consumer 's through a home PC or at a 
walk-up kiosk type devrce which utilizes smart card 
technology, Connectton to the information bank 23 can 
be through conventional transmission lineS '29 such as 
telephone lines, cable, wireless communication, etc. 
Regardless of the type of user interlace chosen, the 
consumer communfeates through the network^, to the 
information t>ank 23 and/or the merchants or sennce 
provider '7. The network may be a closed network, 
accessible only to the consumer 25. the information 
bank23 and approved merchants or providers 27. or it 
may be a network such as the Intemet. where all trans- 
actions are conducted in a secure manner well known in 
the art through appropriate encryptbn. The information 
bank23^can be made up of a conventional server with 
appropriate data storage. Within the data storage, sep- 
arate files or accounts^n be defined as will be readily 
apparent to those of ordinary skill in the art. Communi- 
cations t>etween the server and other users/devices is 
achieved by conventional means such as a telephone 
nxxJem. cable nxxiem or other like established and well 
known systems. 

[0033] ln~Rgure 1 there is shown an overview of the 
types of accounts which will be maintained at the infor- 
mation bank 23 and the types of infamation retrieval 
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which the consumer ^5 can control. The consunner'e 
authorized Information will be either requested by or 
relayed to various merchants or service providers 27 
consisting of associations, billers, or financial institu- 
tions with whom the consumer 25 wishes to transact 
business. One type of consumer account is known as a 
courtesy account 31 and holds certain home or per- 
sonal information, such as the name, address, phone 
numbers, e-mail address, birthday, social security 
number, mother's maiden name, spouse's information 
and other familial information which is commonly 
needed to fill out forms or otherwise identify the con- 
sumer to those with whom they do business. This type 
of data Is typically known however as "static identifica- 
tion data" as has been desaibed and will become 
clearer further herein. 

[0034] A second type of account is a service account 
33 which is maintained for the benefit of the consumer 
and contains "moderately dynamic personal data" about 
the consumer 25, as well as software programs which 
can be accessed by the consumer 25, and which may 
be accessed or populated by various merchants or 
service providers 27 as authorized by the consumer 25. 
For example, banking accounts, insurance information, 
tax returns, and other consumer data can be stored in 
the service account. This data is characterized by being 
a large amount of data which is dynamic and stored 
over long periods of time. It can be used for functions 
such as bill presentment/payment, relationship man- 
agement, tax preparation, and other purposes as will 
become clearer further h^ein. 
[0035] Rgure 1 also shows a third type of data known 
as "dynamic demographic information data" which is 
kept in a value generation account 25. This file or 
account 35 is provided as a means for the consumer 25 
to define certain demographic data, including a generic 
consumer profile, Interests and hobbies, and the types 
of information the consumer would like to receive from 
third parties. This information is stored in the value gen- 
eration account 35. Upon request by a third party mer- 
chant or service provider 27, a profile or aggregate of 
consumer information may be provkied to the third party 
merchant or service provkier by the information bank 23 
for a fee. The profile or aggregate of information about 
participating consumers will not provkie Informatfon 
which Identifies indivkiual participating consumers, but 
will rather prcvkJe the third party merchant or servfoe 
provider with sufficient information to determine if it will 
request that the information bank provkJe consumers 
with advertisements of its merchandise or services. 
Merchants or servkse provders 27 will likely agree to 
pay for this aggregate consumer data and for indirect 
access to the consumers whose information is con- 
tained in the data bank because it will enable the mer- 
chant or service provider 27 to direct specific offers to a 
targeted market in an efficient manner. 
[0036] *Figure 2 illustrates, one example, of how the 
courtesy account xan be used as a form filling service. 



In this figure, there is a three-way relationship between 
the merchant, in this case a doctor 39. the consumer 25 
and the information bank -23. First, the merchant, or in 
this case, a doctor 35 will send a permission request for 

5 information to the consumer 25 through a separate con- 
nection 37 whk:h can t>e the Internet, a dedicated line, a 
phone call, etc. The consumer 25 will then send a per- 
mission message, including a verifiable signatures, 
back to the doctor 39. The doctor 39 will then forward an 

io Information request through, for example, use of com- 
munication device, including a now verifiable pernrus- 
ston to the information bank 23. The information bank 
23 will verify the permission as being valkJ for this par- 
ticular consumer 25 before forwarding the consumer's 

IS personal information to the doctor's off 39. The infor- 
maton in this sc&iario is originally entered by the con- 
sumer 25 directly into the information bank 23. It Is also 
expected that a merchant or a service provider, such as 
a doctor, who maintains information about an individual. 

20 such as a history of immunizations, coukl have such 
information directly transmitted to the information bank 
when the doctor is authorized to do so t)y his patient. 
This wouM give the patient/consumer the convenience 
of having the merchant or service provkJer provkJe the 

2s Information Bank with a medical history or with update 
information, such as a recent immunization, about the 
patient/consumer without the inconvenience of the 
patient/consumer having to manually fonward such infor- 
mation to the Information Bank which wouM then have 

30 to take the additional step of entering the data. This 
woukJ also save the doctor the cost of storing the 
records. 

[0037] Of course, this type of service is not limited to 
form filling. In a more general sense, the Information 

35 Bank allows the consumer to grant conditional, single 
access or limited access to service provkters or mer- 
chants such as tax specialists, loan brokers, financial 
planners, and similar entities, which typically use infor- 
mation provided by a consumer. After retrieving the con- 

40 sumer's information, these entities may generate 
compilations and/or analysis of the consumer's data 
and. for exanple, prepare a tax return, foan application 
or financial plan for the consumer. The service provKler 
couU then either return the prepared document to the 

4S consumer or directly file documents such as a tax 
returns if authorized to do so by the consumer. Result- 
ing information might also be incorporated into the con- 
sumer's information staed in the Informatfon Bank for 
future access and/or analysis. 

50 [0038] Figure 3 depicts the use of the information 
bank servfoe account 33 to provide a signing service. 
Such a servfoe may be provkJed where a consumer 25 
requests such a servfoe and provkies the service insti- 
tution with adequate authorization, such as a power to 

55 attorney, to provkie signatures for the consumer. As 
shown in this diagram, the consumer 25 forwards an 
unsigned document to the information t>ank 33 where 
cryptographic software 39 which is conventional in 
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nature and well known to those of ordinary skill will be 
used to authentteate the consumer 25 and generate a 
signed document for return to the oonsumer^S. Also, it 
is expected that the consumer may authorize the infor- 
mation bank to sign certain documents for the con- 
sumer which have been transmitted to the bank by third 
parties. In such a case, the consumer wouU review the 
document and instaict the information bank to sign the 
document. Tbe information bank couU then return the 
docunrient to the consumer or to the third party if 
requested by the consumer. 
[0039] Electronic commerce requires certain trust 
components be implemented for signing services. More 
specifically, cunrent digital signing procedures require 
parties in etectronk; transactions to provkle critfoal trust 
conrponents such as encryption and non-repudiation 
services. The current public key infrastructure (PKI) 
which is promoted by various vendors involves certifi- 
cate authorities (CA*s). For the power of attorney signa- 
ture sen^ice described above, the infornnation bank 
woukl provide the required key and certificate authority 
without requiring access to any private verification infor- 
mation or key possessed by a consumer, but woutol 
instead provide all authentication services through the 
information bank service. The information bank would in 
turn require adequate authentication from the individual 
consumer for execution of the signing service. 
[0040] By implementing a digital signing service with 
appropriate software 39. the information bank 23 can be 
used to remedy or eliminate many of the issues related 
to registration, certificate issuance, certifk^ate verifica- 
tion and certifk;ate revocation lists (CBLs). This also 
reduces the size of the data transfer required for a veri- 
fied transaction, because a standard certif k;ate includes 
the certificate hokJer's klentity. the certificate serial 
number, a certificate holder's expiration dates, a copy of 
the certificate hoMer's publk; key, the kdentity of the CA, 
and the OA's digital signature which is used to confirm 
that the digital certif k^ate was issued by a valid agency. 
[0041] The present invention also provkles fcs* digital 
signature verifk^ation and notary servfoes. This is illus- 
trated in Figure 4. Curent PKI solutions require several 
components in order to verify the integrity of a digital 
signature. Beskies the document and the signature 
itself, all certifk^ates in the chain to a trusted root and 
access to the CRLs for each OA must be available. 
These components are then fed into a software program 
that verifies first, that no certificate was on a CRL at the 
tinr^ of signature; second, the integrity of each certifi- 
cate in the chain based on the public key of the next 
higher certif k^ate in the chain is unquestioned; and third, 
the integrity of the original document. A consumer ^5 
wishing to perform this process needs access to this 
software, but they must also trust the software that's 
performing these checks. That is, if the software pro- 
vkles a valkJ or invalid signature result, but the software 
is not adequately safeguarded on the consumer's 
machine, then any result provkled by this software is 



suspect 

[0042] The signature verification function offered by 
the present invention provktes a simplified and trusted 
method for verifying the integrity of additional signa- 

5 tures. A consumer ^5 is not required to understand the 
intricacies of CRLs and is not forced to load crypto- 
graphic software onto his access device. Instead, the 
consumer's just fonwards the signature and request to 
the information bank 23, whk:h performs the appropriate 

10 ch^;ks. In this case, the cryptographk; software 39 is 
already loaded into the information bank 23, but the 
CRL and root certificate are provided through line 41 to 
the information bank 23 to perform the verifk:ation for 
the consumer 25. An alternate function, somewhat 

IS related to signature verificatfon, is an actual signing 
function. In provkling a signing function, the informatfon 
bank 23 accepts an unsigned document and signs It on 
behalf of the consumer 's. Another benefit of offloadir^ 
the signing and ver'rffoation process to the informatfon 

20 bank 23 is that Is reduces the overhead on the con- 
sumer 25 devk;e. It tak^ quite some time to generate a 
1024-bit key pair using a browser on a current Pentium 
processor. The information bank 23. however, will be 
running this software on a state-of-the-art machine as 

25 previously discussed, whfoh is capable of quickly per- 
forming this function. Furthernwre, the information t>ank 
23 will operate in a secured environment which will elim- 
inate any questions related to software integrity, and will 
provkile access to all required CRLs and route certifi- 

30 cates from the appropriate X.S00 directory structures 
through connections 41 , many of which are likely to be 
stored in local cache memory. The information bank 23 
also functions as a secured backup and storage fecillty 
service. 

35 [0043] As vnofe and more consumers begin to use 
electronic commerce and related electronfo bill paying 
servk;es, consumers will need to maintain importont 
home records related to these transactions on their own 
PCs. The consumer may soon have access to and 

40 require safe storage for electronfo copies of insurance 
policies and other legal documents. Many consumers 
already aeate large amounts of data with personal 
financial software, such as those commercially available 
under the names Quicken or Turix) Tax The secured 

45 backup and storage service provkied by the information 
bank 33 provides the consumer 25 with the capability to 
safely and securely store important documents on serv- 
ers which are professionally managed and reskle on 
Information bank23 hardware. Storage remote from the 

50 consumers' PC provides a disaster recovery plan and 
mitigates any problems associated with hard disc 
aashes, fire or theft 

[0044] Figure 5 provkJes an overview diagram of the 
types of personal financial information which will be res- 
55 kjent on or managed by the information t)ank'8 secured 
backup and storage devices. Personal financial informa- 
tion, such as banking, bill presentment, stocks, mutual 
funds. 401 K accounts or IRAs. all collectively kjentified 
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with the number 43. can be transferr^ to the infbnna- 
tion bank through connections 29 under the consumer's 
control. Legal documents such as insurance policies, 
wills, deeds, contracts and other electronic commerce 
documents can also be fonfvarded to the information 5 
bank23 for secure archival. Electronic artifacts, such as 
coupons, point of sale receipts, tickets, tokens and other 
forms of loyalty credits can be made by the consumer 
25 and tracked In the information bank^3 in a secured 
manner. Important medical records will inaeasingly be 
created and stored electronically by medical service 
providers, and such records of consumers' allergies, 
medications, past x-rays, diagnoses and doctor's notes 
can be stored by the consumer 25 and securely and 
confidentially saved at the information bank 23 in the 
service account 33 for release only as approved by the 
consumer 25. In the prefenred embodiment the con- 
sumer 25 would instruct the third party merdiarrt to for- 
ward this information directly to the information bank 23 
and it would then be stored therein for the consumer. In 
an alternate embodiment, these financial and personal 
documents would be moved from the third party mer- 
chant to the consumer 25 and then fonwarded by the 
consumer to the infomnation bank 33.. 
[0045] Another office related service Is the virtual 
offk;e provided by the information bank 23. This service 
compliments the storage and secure backup by, for 
example, providing software for students, or for use at 
small offices or home offices. Suites of office software, 
including word processing or spreadsheet programs, 
could be provided for the cost conscious individual who 
has Internet access but does not necessarily have the 
resources to pay for. or the desire to continually update 
and manage, a home office software library. This can be 
provided by the service account 33 and implemented in 
a conventional manner well known to those of ordinarily 
skill in the art. Subsaibers to this service would be able 
to execute the software when needed and wouM never 
have to worry about upgrades or system compattollity, 
which woukil be managed by the infamation bank 33 
which transmits the software to the consumer 25 for use 
by the consumer 25 on the consumer's device. e.g.. 
home computer. 

[0046] The Information bank 23 can be used to coor- 
dinate the consumer 25 information stored in the infor- 
n^ation t>ank 23 with third party servk;e providers in 
order to more conveniently allow the consumer 25 to 
use the third party services. 1=6r example, the informa- 
tion bank 23 may be used to provide software which will 
facilitate the downloading of certain consumer informa- 
tion to printing services or in case of emergency, to 
medical providers. The information bank 23 may also be 
programmed to release this information to. for example, 
executors of the consumer's estate if previously author- 
ized to do so by the consumer 25. By being able to 
share information generated by various service provid- 
ers, the consumer 25 will find that many previously bur- 
densome tasks are now easily accomplished. In the 



preferred emtxxliment, this data will be stored in a self- 
describing format, such as the XML protocol for easy 
transfer to and use by various third parties. 
[0047] Both Netscape and Microsoft Corporations 
market web browsers which currently provide support 
for generating key pairs. However, if a user is so unfor- 
tunate as to suffer a disc crash or has failed to update 
the browser software, it is possible that a user couU 
lose the keys forever. Once this happens, there is no 
way to retrieve the information previously encrypted 
with the keys. The information bank 23 may offer a key 
escrow and recovery function as further depicted in fig- 
ure 6 to protect the consumer 25 against catastrophic 
key losses. In Figure 6 the consumer 25 uses software, 
such as a browser, which can generate a key pair gen- 
eration request and forward it to the information bank 
23. The information bank 23 then generates a key pair 
and certificate, saves the key pair and certifk^te, and 
fbnwards them to the consumer 25 for use. A second 
option is shown in Figure 7 in which the consumer 25 
using browser software, generates the key pair and cer- 
tificate and then forwards the key pair and certif k:ate to 
the information bank 23 for archival. If the consumer 25 
ever loses a key pair, the consumer 75 can request and 
receive a replacement copy from the information bank 
23. To accomplish all of this, of course, ayptographic 
software 39 is required, the details of which will be read- 
ily apparent to those of ordinary skill in the art. 
[0048] The information bank 23 is configured to gen- 
erally facilitate electronic transactbns and make the 
consumer's life easier and more convenient The value 
generation account 35 to be discussed in greater detail 
hereafter, can be used to provide assisted product, 
service, or information searches which not only make 
consumers' lives more convenient, but also provide con- 
sumers with some value in return for using the sendee. 
This value may be in the form of monetary condensa- 
tion or it may be in the form of loyalty credits with pre- 
ferred merchants selected the consumer 25. This is 
an optional sennce and is completely controlled by the 
consumer 25. The consumer 25 can make their hob- 
bies, personal interest and demographic information 
available, while keeping their identity private. A con- 
sumer profile is compiled by the information bank 23 
from both explicit and irrplicit information. The con- 
sumer 25 is given full control and can specify con- 
straints on information and specifically exclude certain 
information from product, service, or inf6rmatk3n search 
categories. Merchant offers whk:h satisfy the consumer 
criteria are fonA^arded by the information bank 23 to the 
consumer 25. In this system, the merchant will not know 
the identity or address infbmiation of the consumer 25, 
nor will the consumer 25 know who the identity of the 
merchant. The information provided must be presented 
with a summary demonstrating how it satisfies the orig- 
inal interest of the consumer 25 and may include short 
promotional information. The consumer 25 has the 
opportunity to request more information or request a 
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purchase. Up to this point, the advertising provided from 
the merchant to the consumer 25 has been free to the 
merchant. This allows the merchant to get real time 
demand statistics and other valuable aggregate indica- 
tors of the quality of their offer free of charge. However, 
in order to complete the final transaction, a fee is 
required for the merchant to continue. In this way, these 
advertising dollars are sp^ by the merchant, knowing 
they are highly correlated to a targeted sales market 
[0049] Figure 8 illustrates such a process where the 
consumer information from the consumer 25 device is 
entered into the information bank value generation 
account (previously numeral 35 in FIG. 1) in the form of 
a profile. In this case, the information bank 23 is shown 
as consisting of an information bank portion 123 con- 
sisting of the courtesy account and service account pre- 
viously discussed. The information bank 23 will also 
include the value generation account module, i.e.. 
number 125 herein, an independent consumer advice 
module 127, a transaction module 129 providing, 
matching, brokering, consolidation and accounting 
functions, and a merchant gateway module 131 which 
connects to the merchant 133. In this embodiment, the 
value generation account module 125 takes input from 
the courtesy and service accounts 123 in the form of 
explicit and implicit (mined) data. The consumer 25 pro- 
file is updated from this data and is provided to a mod- 
ule 129 having a matching function running in the 
information tsank 23. The matching function also is con- 
nected to receive offers from a merchant gateway nxxl- 
ule 131 which is connected to the merchant 133. 
Merchant offers which suffteientty match the consumer 
25 profiles will be forwarded by the information bank 23 
to the consumer by the module 129 for review. When a 
consumer 25 indk^ates interest in a particular offer, they 
will issue a request or a buy request back to an informa- 
tion bank consolidator function in module 1 29, which will 
then forward this to the merchant 1 33, either indrvidualiy 
or in bulk with other consumer offers. The merchant 133 
will then pay a fee for the brokerage service and por- 
tions of this will be split by the information bank.23 and 
allocated to particular consumer accounts as appropri- 
ate. This function also includes an independent con- 
sumer advisor module 127 which includes data 
available to the consumer 25 for reference, and pro- 
vides background information about various merchant 
offers. 

[0050] The fees paid by a nrierchant for access to the 
consumer information could also be structured such 
that the fee would inaease based upon the type of 
usage by the merchant For exarrple. a certain fee 
could be assessed for access to view a customer infor- 
mation summary. The fee wouW then be inaeased if the 
merchant chose to request that information be provided 
to individual consumers. A further fee increase might be 
levied if a consumer chose to respond or purchase a 
merchants product alter being soficited through the 
information bank. Other tiers of ^rvices and fees are 



also contenplated. 

[0051] The Information bank 23 may also be pro- 
grammed to provide, for example, a coupon, ticket, 
token and loyalty management program in which the 

5 information bank 23 serves as a mint and clearinghouse 
for units created for use as coupons, tokens, tickets and 
other loyalty schemes. Although exhibiting a wide vari- 
ety of outward appearances, tiie internals of the mint- 
ing, capture redemption and automatic clearing 

10 functions would work essentially the same. This func- 
tion is valuable to the consumer 25 because of added 
functionality in an electronk; wallet (to be described 
hereafter) to keep fack of various coif)ons. tokens and 
ticket acquired by tiie consumer. 

IS [0052] A coupon and loyalty management program is 
depk;ted in figure 9 as including several conponents of 
tiie information bank 23. These components include a 
clearinghouse module 139. a retailer gateway Module 
137, a service account Module 123. credit exchange 

20 nrxxdule 135. a manufacturer gateway Module 141 . an6 
interfaces to merchants who can be either retailers 147. 
manufecturers 145 or service providers, such as an 
opera house 149 or ticket Issuer 143. 
[0053] As further shown in Rgure 9, tine information 

25 bank manufacturer gateway module 144 can be pro- 
grammed to mint a coupon and issue this via the manu- 
facturer 145 electronically to tiie consumer 25 who will 
then store the coupon in the information bank service 
account 33 or in an electronic wallet therein. Coupons 

30 may be issued by manufocturer, distributors and/or 
retailers, and tickets may be issued, for example by var- 
ious entertainment and/or educational concerns. 
Tokens are issued by a wide variety of concerns ranging 
from ti'ansportation authorities to entertainment estab- 

35 lishment. Almost any retailer or business couU create a 
loyalty program using tokens. The consunter 25 in 
receipt of a coi4X)n, ticket or token would store tiiese in 
a service account or smart card electronic wallet. When 
the consumer wished to redeem these coupons, they 

40 wouM forward them to the information bank retailer 
gateway module 137 which presents the<X)upons to the 
information bank clearinghouse nxxiule 139 for settle- 
ment. The information bank nnanufacturer gateway 
module 1 41 ttien would issue an appropriate credit back 

45 through the information bank clearinghouse module 
139 to tiie appropriate retailer 147 in exchange for tiie 
redeemed coipon. All of tiiese functions can be imple- 
mented routinely by tiiose of ordinary skill in tiie art 
using existing hardware and software tools and devices 

so once the broad functionality described in detail herein is 
known. 

[0054] As shown in FIG. 10 tiie information bank can 
also provides an important event, notification and 
response function. Such a function serves to allow tiie 
55 consumer 25 to specify certain events that are impor- 
tant to tiie consumer 25. Such events could be birth- 
days, stock prtee movements, loan availability, 
extraordinary bill charges, personal information 
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requests, etc. The consumer^S can establish a hierar- 
chy for the information bank 23 to locate the consunfier 
-25, such as trying the consumer cellular phone first, 
then a work number, then e-mail, then a home number. 
When an event occurs that matches a trigger, a event 
notification is generated by a monitor program 151 . The 
priority of the event would determine the degrae of 
tenacity the service asserts in order to notify and obtain 
notice of verification from the consumer 25. This proc- 
ess is shown in Figure 1 0, where the consumer 25 sets 
specific event triggers and stores these in the informa- 
tion bank service account 33. The information bank 
then constantly monitors the event notifications with the 
monitor program 151, and when there is a match for a 
trigger event, the information t>ank 23 provides notice 
back to the consumer 25, based on the notificatfon hier- 
archy previously defined by the consumer. 
[0055] The information bank also provide an anony- 
mous shopping service. This service, as shown in Fig- 
ure 11, allows several components of the information 
bank (such as the service account 33, an anonymizer 
module 153 which assigns an alias to all consumer 
transactions, an order payment consolidator module 
1 55, a junk e-mail investigator module 1 57 and a reship- 
per module 159 to work together to provide a intermedi- 
ate shopping servk;e which allows the consumer to 
browse certain merchant displays over the Internet with- 
out revealing their identity. The modules and functions 
desaibed are conventior^l and well known, for exam- 
ple, from such services already availak>le from certain 
web service providers. However, to date, no one has 
integrated the noted functions and modules into a 
coherent functioning system as provided by the present 
invention. 

[0056] The anonymous shopping feature is similar to 
the assisted product, service, and information search, 
but this feature assumes that the discovery ar%l compar- 
ison work has already been done, either through mer- 
chant offers fonwarded to the consumer, or by the 
consumer's independent investigation. 
[0057] This feature is more like a "shopping cart" on a 
wetDsite or service provkler site on the Internet, where 
the shopper can span multiple merchant sites and shop- 
ping sessions and aeate a consolidated order. The 
irrformation bank 23 serves as an intermediary for the 
consumer 25. The identity of the consumer 25 is 
rejpABcedi by an alias that is rememt>ered by the function 
for subsequent reference. A different alias can be used 
for each merchant site, n^aking it difficult for data scav- 
engers to cross-correlate consumer purchases based 
on the alias. Junk e-mail originating from unknown sites 
can be traced to the site -selling the address information 
via the alias. 

[0050] this function consolidates orders to popular 
merchants and pays these merchants directly in a lump 
sum. together with a summary of orders and corre- 
sponding ship-to addresses. The consumer ^5 is billed 
internally so that their credit card and other identification 



Information is never exchanged over the Internet 
[0059] for an additfonal shipping fee. the consumer 
has the option of having goods shipped initially to a drop 
box or reshipper address where a third party will take 

5 the goods and reship them to the consumer 25 at 
his/her stored address. In this manner the merchants 
never know the address or identity of the consumer 25. 
The packages are handled anonynmusly and a reship- 
ping services does not know package contents. 

10 [0060] With respect to the types of data stored by the 
information bank23, as previously discussed, in partic- 
ular with the first data store which is staed on the data 
storage mean, which includes static kJentification data, 
the second data store stored on the data storage and 

75 which includes moderately dynamic pe^nal data, and 
the third data store which includes dynamic demo- 
graphic information data, this is more clearly illustrated 
in FIG. 12. The courtesy count as shown in FIG. 12 
includes the static identrfteation data which is personal 

20 to a use having access to the information bank 23. The 
second data store conrespondences to the dynamic per- 
sonal data in the service account, and includes data 
about ^e user such as billing history, payment history, 
eto. The third data is the demographic data and will be 

25 Stored in the interest bearing account to generate remu- 
neration for the consumer in exchange for allowing use 
of that data. All of the types of data described have been 
previously discussed and are further expanded and 
illustrated in the tatsle shown in FIG. 12. 

30 [0061 ] Turning now to the use of an "electronic wallet" 
as previously described for use in connection with the 
system 21 of the invention, such a typical wallet 171 is 
shown in FIG. 13 whfoh shows a typical architecture for 
such a wallet 171. The ooncqjt of an electronic wallet 

35 means many things to many people. One version wouki 
be a pocket sized computer with a snap shot-size color 
screen that will t>e used in place of many essentials that 
consumers carry around with them today such as 
money, keys, identification, credit cards, tickets, as well 

40 as items that provide the consumer with mobile informa- 
tion and communications such as a watch, newspapers, 
calculator, portable telephone, pager, etc. In this 
embodiment the wallet 171 is a physk»l thing that is 
carried in the pocket. Because of its electronic nature, it 

45 can add functionality that the conventional wallet can 
not perform. However, consumer concerns akx)ut this 
type of device make it impractical. Although it is techni- 
cally possible to back up the contents of the electronk; 
device, the reality is that consumers would probably be 

so at least as in-esponsible with such a device as they are 
currently with their own data. Further, to the extent that 
such a wallet interfaces with provkJers of the wallet or 
others, there is a security corYcern in that information 
about the consumer could be used by others to make a 

55 profit and not let the consumer know about it. Thus, 
extension of the physical wallet, especially those offered 
by third party software a hardware vendors make rapki 
adoption unlikely. 
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[0062] At the other end of the spectrum is the totally 
virtual wallet. It is not a physical device, but a set of 
applications on a server somewhere. The major disad- 
vantage of this approach is that all transactions have to 
be "on-line" or connected to a server. This could result 
in more expensive and/or less convenient use. Another 
issue is security. 

[0063] A hybrid approach, and that preferred in 
accordance with the system 21 of the invention, is to put 
some data and applications on a physical device and 
some on a server. A smart card is ideally suited for this 
type of application since it makes the most sense to put 
the security and access functions on the card, and to 
put the volume of data and applications on the server 
such as the information bank23. Further, those transac- 
tions that would be too expensive to have on-line, such 
as small amounts of electronic cash transactions, also 
makes sense to have on a such a smart-card. Thus, as 
shown in FIG. 13, the electronic wallet 171 in one 
embodiment is made up of an e-cash applications con- 
tainer 173, an electronic cash application manager 175. 
a use or authentication module 177, a key to application 
manager 181. a key ring applications container 183, 
and external applications interoperability API (applica- 
tions program interface) 179, and a user application 
organizer and manager 185. 

[0064] The e^sh applications container 1 73, as the 
name Inplies, is storage for e-cash applications. In 
order to gain critical mass, more than one type of e-cash 
is supported. The storage in container 1 73 is sufficiently 
generic to only record each of its members as being 
some form of e-cash and the actual "object" in the con- 
tainer 173 is a "connector" to the real e-cash applica- 
tion. The programming provides that the «-cash 
application can be located and started. The e-cash 
manager 175 is software that provides how to add e- 
cash applications and use them in a generic manner. 
The user authentication module 177 can be replaceable 
to allow for growth in the security and authentication 
technologies. Prior to implementation of smart cards, it 
could be software that asks for an account number and 
personal identification number, but with current technol- 
ogy, it can be implemented using the card and a server, 
using authentication technology implemented today. For 
future purposes, alternative security and authentication 
technologies might use biometrics, etc. 
[0065] The key to application manager 181 serves to 
manage non-cash applications in the wallet such as 
credit, debit, eK;hecks, identification, facilities access 
and other applk;ations. This is tiie software that main- 
tains the contents of the key ring application container 
183. The key-ring container 183 holds the connectors to 
server applk;ations. The contents are managed and 
maintained by the key to applkation rnanager 181 previ- 
ously described, ^ven as smart cards become more 
commonly available, it is believed tiiat they will not be 
sufficientiy large to actually hold tiie applk:atk>ns. 
Instead, they will hokJ "connectors" to tiie applications 



tiiat reside on a server. The most important aspect of a 
"connector" is a key or certificate that helps identify an 
authorized user of the application. The "key ring" then is 
a container of keys. They are not like the "real" keys, 

5 however, as further illustrated by FtG. 14 hereof. 

[0066] More specif k^ally, FIG. 14 illustrates a wallet 
and application access scheme 201. In this figure, the 
concept of an access device provider, wallet issuer and 
application provider have all been separated. As lllus- 

10 trated in FtG. 14. tiie consumer 25 can use an access 
device 203 to access their information 205. The access 
de/ice 203 has been provided at pdnt of sale, or point 
of contact by some party. The wallet then uses tiie 
access device 203 and tiie access device server 207 

75 connection to the network to contact tiie wallet issuer 
server 209. The consumer 25 tiien Identifies the appro- 
priate application by ttieir own description. The descrip- 
tion is associated to a application key proxy 21 1 that is 
sent to the application provider server 213. 

20 [0067] In the scheme 20 1 described, tiie consumer 25 
can access their information via a device 203 provided 
at point of sale, or point of contact by some party. Since 
tills party will want some presence other than the device 
203. some "real estate" is set aside in the presentation 

25 interface for their content. The wallet 171 uses tiie 
device 203 and the devices server 207 connection to 
tiie network 201 to contact the wallet Issuer server 209. 
The consumer 25, as noted previously, klentifles tiie 
appropriate application by their own description. The 

30 description is associated to an applk^ation key proxy 
211 tiiat is sent to an issuer server 209. The issuer 
server 209 autiienticates the user 25 and then looks up 
the location of the application and its real and actual key 
to be used for access to it. It then connects the con- 

35 sumer 25 to tiie application at the application server 21 3 
and serves as a secure conduit. 
[0068] As may be appreciated, proxies are used 
instead of actual keys in case tiie card is lost or stolen. 
In this manner, the coordination with many unaffiliated 

40 organizations to Issue new keys is eliminated. The 
issuer simply issues a new card with new proxies on the 
card. 

[0069] Such a system as will be readily apparent, can 
be easily implemented in tiie system of Figures 1-12 to 

45 provide enhanced functionality and flexibility. 

[0070] Although the invention has been descrbed with 
reference to tiiese preferred embodiments and features, 
other similar embodiments and features can achieve tiie 
same results. Variations and modifications of the 

50 present invention will be apparent to one skilled in tiie 
art and tiie present disclosure Is intended to cover all 
such modifications and equivalents. 

Claims 

55 

1 . A system for selective organization, access to and 
use of personal data, comprising: 
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a server, having data storage means for storing 
personal data in three separate and distinct 
data stores; 

a first data store stored on said data storage 
nieans comprising static identification data 
which is personal to a user having access 
means for connecting to the server accessing 
and using; 

a second data store stored on said data sta- 
age means company moderately dynamic per- 
sonal data about the user; and 
a third data store stored on said data storage 
means comprising dynamic demographic infor- 
mation data about the user. 

2. A system according to daim 1 further comprising 
access means for connecting to said server to 
access sajd first, second and third data stores. 

3. A system according to daim 2 wherein said access 
means comprises a computer terminal connectable 
to said server via a network. 

4. A system according to daim 2 wherein said access 
means comprises an electronic wallet having said 
first data store duplicatively stored therein, portions 
of said second data store and portions of said third 
data store stored therein. 

5. A system according to daim 1 further comprising 
authorizing means for allowing selected users 
access to and use of dynamic personal information 
data in said third data store. 

6. A system according to daim 5 further comprising 
matching means for matching selective dynamic 
personal information data in said third data store 
which is specific to a consumer with selected infor- 
mation provided by said selected users. 

7. A system according to daim 1 further comprising 
means for authenticating and signing documents 
for a user from data obtained from said second data 
store in communication with a user. 

8. A system according to daim 1 further comprising 
means for matching a user profile obtained from 
said third data store, with a merchant profile, upon 
user request, for transmitting information about the 
merchant's products to the user. 

9. A system according to daim 1 wherein said data in 
said third data store is stored in a configuration 
ensuring user anonymity. 

10. A system according to daim 1 wherein said second 
data store includes credited value data for use by a 
user in commercial transaction. 



11. A method of selectively organizing, accessing and 
using personal data<x>nfprising: 

storing a first data store made up of data oom- 
5 prising static k^entification data which is per- 

sonal to a user having access to the first data 
store; 

storing a second data store made up of data 
comprising moderately dynamic personal data 
10 about the user having access to the second 

data store; and 

storing a second data store made up of data 
comprising dynamic demographic information 
data about the user having access to the third 
IS data store. 

1 2. A method as in claim 1 further comprising providing 
access by a user to said first data store for using the 
data therein for filling out forms. 

20 

13. A method as in daim 1 further comprising duplicat- 
ing the data in the first data store, and portions of 
the data in the second and third data stores, on an 
electronic wallet. 

25 

14. A method as in daim 1 further conprising making 
data about selected users in the third data store 
availat>le on an anonymous basis to merchants to 
allow nrterchants to provide information to the users 

30 about merchant products or services that match the 
data provided. 

15. A method as in claim 1 further comprising down- 
loading purchasing aedits from said second data 

35 Store into an electronic wallet to allow a user to 
engage in oommerdal transactior^ with such aed- 
its. 

16. A method as in daim 1 further comprising monttor- 
40 ing certain groups of data in said second data store 

for the occurrence of certain events, and notifying a 
user con-esponding to said data of the event 

1 7. A method as in claim 1 6 further conrprising aocess- 
45 ing outside data sources to update data in said sec- 
ond and third data stores on a periodic t>asis. 

18. A method as in daim 1 further comprising authori- 
zation by a user to allow selected third parties to 

so access data in saki second data store. 

19. A method as in claim 18 wherein said third parties 
are doctors. 

55 20. A method as in claim 18 wherein said third parties 
are financial servk;e provklers. 

21. A method as in claim 18 wherein said third parties 
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are one of the group consisting of telephone serv- 
ice vendors, power service vendors, and cable tele- 
vision vendors, insurance vendors, and aedit card 
providers. 
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